def post_page(request, post_id):
try:
post = Post.objects.get(id=post_id)
except Post.DoesNotExist:
raise Http404
zone = Zone.objects.get(name=post.zone_name)
if (not (request.user.is_staff or request.user.username == post.author
or is_manager(zone.id, request.user.username))):
edit = False
delete = False
else:
edit = True
delete = True
if "csrftoken" in request.COOKIES:
token = request.COOKIES["csrftoken"]
else:
delete = False
token = None
return render(request, "Forum/post.html", {
"post": post,
"zone": zone,
"edit": edit,
"delete": delete,
"token": token
})
def edit_post(request, post_id):
try:
post = Post.objects.get(id=post_id)
except Post.DoesNotExist:
raise Http404
zone = Zone.objects.get(name=post.zone_name)
#判断是不是本人 管理员或者版主
if (not (request.user.is_staff or request.user.username == post.author
or is_manager(zone.id, request.user.username))):
raise Http404
if request.method == "GET":
return render(request, "Forum/edit.html", {"post": post})
else:
title = request.POST.get("title", " ").strip()
content = request.POST.get("content", " ").strip()
if len(title) < 3 or len(content) < 5:
response_json = {"status": "error", "content": "再多写几个字吧"}
return HttpResponse(json.dumps(response_json))
post.title = title
post.content = content
post.save()
response_json = {
"status": "success",
"redirect": "/forum/post/%s/" % post.id
}
return HttpResponse(json.dumps(response_json))
def delete_post(request):
post_id = request.GET.get("post_id", "-1")
token = request.GET.get("token", None)
try:
post = Post.objects.get(id=post_id)
except Post.DoesNotExist:
raise Http404
zone = Zone.objects.get(name=post.zone_name)
if (not (request.user.is_staff or request.user.username == post.author
or is_manager(zone.id, request.user.username))):
raise Http404
if "csrftoken" in request.COOKIES:
if token != request.COOKIES["csrftoken"]:
return HttpResponseForbidden("Invalid Token")
else:
return HttpResponseForbidden("Invalid Token")
post.delete()
return HttpResponse("success")
def delete_comment(request):
comment_id = request.GET.get("id", "-1")
token = request.GET.get("token", "")
try:
reply = Reply.objects.get(id=comment_id)
except Reply.DoesNotExist:
raise Http404
post = reply.post_set.all()[0]
zone = Zone.objects.get(name=post.zone_name)
if (not (request.user.is_staff or request.user.username == post.author
or is_manager(zone.id, request.user.username))):
raise Http404
if "csrftoken" in request.COOKIES:
if token != request.COOKIES["csrftoken"]:
return HttpResponseForbidden("Invalid Token")
else:
return HttpResponseForbidden("Invalid Token")
post.reply.remove(reply)
return HttpResponse("success")
def delete_post(request):
post_id = request.GET.get("post_id", "-1")
token = request.GET.get("token", None)
try:
post = Post.objects.get(id=post_id)
except Post.DoesNotExist:
raise Http404
zone = Zone.objects.get(name=post.zone_name)
if (not (request.user.is_staff
or request.user.username == post.author
or is_manager(zone.id, request.user.username))):
raise Http404
if "csrftoken" in request.COOKIES:
if token != request.COOKIES["csrftoken"]:
return HttpResponseForbidden("Invalid Token")
else:
return HttpResponseForbidden("Invalid Token")
post.delete()
return HttpResponse("success")
def delete_comment(request):
comment_id = request.GET.get("id", "-1")
token = request.GET.get("token", "")
try:
reply = Reply.objects.get(id=comment_id)
except Reply.DoesNotExist:
raise Http404
post = reply.post_set.all()[0]
zone = Zone.objects.get(name=post.zone_name)
if (not (request.user.is_staff
or request.user.username == post.author
or is_manager(zone.id, request.user.username))):
raise Http404
if "csrftoken" in request.COOKIES:
if token != request.COOKIES["csrftoken"]:
return HttpResponseForbidden("Invalid Token")
else:
return HttpResponseForbidden("Invalid Token")
post.reply.remove(reply)
return HttpResponse("success")
def post_page(request, post_id):
try:
post = Post.objects.get(id=post_id)
except Post.DoesNotExist:
raise Http404
zone = Zone.objects.get(name=post.zone_name)
if (not (request.user.is_staff
or request.user.username == post.author
or is_manager(zone.id, request.user.username))):
edit = False
delete = False
else:
edit = True
delete = True
if "csrftoken" in request.COOKIES:
token = request.COOKIES["csrftoken"]
else:
delete = False
token = None
return render(request, "Forum/post.html",
{"post": post, "zone": zone, "edit": edit, "delete": delete, "token": token})
def edit_post(request, post_id):
try:
post = Post.objects.get(id=post_id)
except Post.DoesNotExist:
raise Http404
zone = Zone.objects.get(name=post.zone_name)
#判断是不是本人 管理员或者版主
if (not (request.user.is_staff
or request.user.username == post.author
or is_manager(zone.id, request.user.username))):
raise Http404
if request.method == "GET":
return render(request, "Forum/edit.html", {"post": post})
else:
title = request.POST.get("title", " ").strip()
content = request.POST.get("content", " ").strip()
if len(title) < 3 or len(content) < 5:
response_json = {"status": "error", "content": "再多写几个字吧"}
return HttpResponse(json.dumps(response_json))
post.title = title
post.content = content
post.save()
response_json = {"status": "success", "redirect": "/forum/post/%s/" % post.id}
return HttpResponse(json.dumps(response_json))
